Merge bitcoin/bitcoin#25548: gui: Check for readlink buffer overflow and handle gracefully

fanquake · fanquake · commit 5668ccec1d37 · 2022-11-01T11:09:17.000Z
e049fd7 Bugfix: Check for readlink buffer overflow and handle gracefully (Luke Dashjr) Pull request description: If readlink returns the size of the buffer, an overflow may have (safely) occurred. Pass a buffer size of MAX_PATH+1 (the size of the actual buffer) to detect this scenario. ACKs for top commit: hebasto: ACK e049fd7. Tree-SHA512: 188bace79cbe556efe7782e46b870c02729b07b104a9316b0f7d50013504972e85baf507403d2d6060bb2bf3e13f40d735bddd18255d97a60810208c3de87691
diff --git a/src/qt/guiutil.cpp b/src/qt/guiutil.cpp
@@ -615,9 +615,10 @@ bool SetStartOnSystemStartup(bool fAutoStart)
     else
     {
         char pszExePath[MAX_PATH+1];
-        ssize_t r = readlink("/proc/self/exe", pszExePath, sizeof(pszExePath) - 1);
-        if (r == -1)
+        ssize_t r = readlink("/proc/self/exe", pszExePath, sizeof(pszExePath));
+        if (r == -1 || r > MAX_PATH) {
             return false;
+        }
         pszExePath[r] = '\0';
 
         fs::create_directories(GetAutostartDir());
